Cybersecurity, Hacking and Ransomware: What Every Local Government Needs to Know
June 10th, 2020
WWW.ARGOCYBER.COM

Who We Are

Jim Rogers, CEO, SME & Co-Founder, has over 25 years of industry cyber security experience in the Department of Defense and the Intelligence Community. Jim started his career here in Pensacola as an enlisted person being trained in Electronic Warfare and Cryptologic operations. Jim served on multiple US Navy warships during his tenure in the US Navy. During Jim's last tour of duty in Norfolk, Virginia in the mid-1990s, he began his journey into cyber security and has completed both a BS and MS in Cyber Security and received Graduate Certificates from the National Defense University as well as many top industry cyber security certifications. Jim currently mentors many up-and-coming cyber security professionals in hopes to impart his knowledge and experience on the next generation.

Kevin J. Schmidt, CTO & Co-Founder, is a born-and-raised native of West Pensacola. In 1993 he was offered an opportunity to work at the Gulf Coast Internet Company (GCIC). At GCIC he was able to sharpen his skills in software engineering, system administration, network engineering, and leadership. At the age of 23, Kevin took what he learned and moved to Atlanta, GA. For 21 years, Kevin worked at various start-ups and software companies in and around Atlanta. He was employee number five at one of the first Security Information and Event Management (SIEM) software companies, which IBM eventually bought. He spent 12 years at Dell Secureworks, a national MSSP. He is also a published author and holds a cyber security and machine learning patent.

Agenda
• It’s all about Cyber Resiliency
• Types of Hackers
• What is Ransomware?
• How is Ransomware Spread?
• Decreasing Your Risk from Ransomware
• Data Protections Requirements
• Legal Considerations & Ransomware
• Closing Thoughts
• Questions

It’s All about Cyber Resiliency
“Cyber resilience refers to an entity's ability to continuously deliver the intended outcome, despite adverse cyber events.” - https://en.wikipedia.org/wiki/Cyber_resilience

Types of Hackers
• Types of hackers, or threat actors, typically fall into one of several categories.
• Script Kiddies
  • Hackers with little to no skill who only use the tools and exploits written by others
• Hacktivists
  • Hackers who are driven by a cause like social change, political agendas, or terrorism
• Organized Crime
  • Hackers who are part of a crime group that is well-funded and highly sophisticated
• Advanced Persistent Threats (APT)
  • Highly trained and funded groups of hackers (often by nation states) with covert and open-source intelligence at their disposal

What is Ransomware?
• Encrypt your data and hold it hostage until you pay up.
• A variant on this is to ask for money to not LEAK your data.
• Ransomware Steps:
  • Infection
  • Key exchange
  • Encryption
  • Extortion
  • Unlocking

In a recent ransomware survey, 80% of respondents perceived ransomware as an extreme or moderate threat, and of those organizations that suffered a ransomware attack, 75% experienced up to five attacks over one year. It’s no surprise given that ransomware is (at time of publication) a USD $2 billion ‘market’, and rapidly growing as threat actors, including organized crime and malicious states, try to take their share.

How is Ransomware Spread?
• For each “method,” there are ever-evolving variants
• Malicious Email / Phishing
• Unpatched systems
• World-accessible remote access
  • Remote Desktop Protocol (RDP)
  • Secure Shell (SSH)

Decreasing Your Risk from Ransomware
• Reduce your time to detection and response
• Architect your environment to minimize cross-infection
• Implement a backup plan
• Train your organization
• Regularly scan for and patch vulnerabilities
• Ensure your security solutions are up to date
• Continuous Monitoring
  • Asset Discovery
  • Vulnerability Assessment
  • Network Intrusion Detection (IDS)
  • Host Intrusion Detection (HIDS) and File Integrity Monitoring (FIM)
  • Security Information and Event Management (SIEM) Event Correlation & Alerting
  • SIEM Log Management & Reporting
• Let’s discuss each of these now.

Decreasing Your Risk from Ransomware (cont.)
• Architect your environment to minimize cross-infection – This includes implementing network segmentation and a least-privilege model to limit the ability of any ransomware to traverse the network.

Decreasing Your Risk from Ransomware (cont.)
• Implement a backup plan – Even if only part of your data is irretrievably lost due to a ransomware attack, it can still cost your organization in terms of lost productivity and the efforts to try to retrieve that data. Defining and implementing a backup policy is a critical defense, as is using offline backups.

Decreasing Your Risk from Ransomware (cont.)
• Train your organization – People are often the weak link when it comes to ransomware. Regularly train your employees on how to identify phishing attempts, the risks associated with opening email attachments, and more. Equally important is to ensure they know what to do if they feel that they have been compromised, including who to report the incident to and how, to ensure the fastest response.

Decreasing Your Risk from Ransomware (cont.)
• Regularly scan for and patch vulnerabilities – The WannaCry ransomware took advantage of an exploit for which a patch had been available for over one month. The organizations impacted were either unaware of the patch or had failed to deploy the patch in a timely fashion. Knowing what assets exist across your environment and what software and services they run, and understanding where vulnerabilities exist and what patches are available, are all critical to being able to shore up any gaps before a malicious actor exploits that vulnerability.

Decreasing Your Risk from Ransomware (cont.)
• Ensure your security solutions are up to date – Any software solution may have flaws, and many software security solutions like vulnerability or malware defense solutions require threat intelligence to be able to know what threats are out there and how to detect them. Ensure that you regularly update your security solutions to address any issues, add new and enhanced capabilities, and ensure that they are running with their latest threat intelligence so that they are optimally protecting your environment.

Decreasing Your Risk from Ransomware (cont.)
• Asset Discovery – Monitors your on-premises and cloud environments for new assets, identifying new systems and devices that need to be monitored and assessed for vulnerabilities that ransomware could exploit.

Decreasing Your Risk from Ransomware (cont.)
• Vulnerability Assessment – Continually scans your environments to detect vulnerabilities that attackers could exploit in a ransomware attack. The platform ranks vulnerabilities by severity so that you can prioritize your remediation efforts.

Decreasing Your Risk from Ransomware (cont.)
• Network Intrusion Detection (IDS) – Analyzes the network traffic to detect signatures of known ransomware, and communications with known malicious servers. Using field-proven IDS technologies, we identify attacks, malware, policy violations, and port scans that could be indicators of malicious activity on your networks.

Decreasing Your Risk from Ransomware (cont.)
• Host Intrusion Detection (HIDS) and File Integrity Monitoring (FIM) – Analyzes system behavior and configuration status to identify suspicious activity and potential exposure. This includes the ability to identify changes to critical system and application files, as well as modifications to the Windows Registry, that could be made to initiate the ransomware’s encryption engine.
